<!DOCTYPE html><html lang="zh-CN" data-theme="light"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1.0,viewport-fit=cover"><title>学海无涯苦作舟</title><meta name="author" content="小乾"><meta name="copyright" content="小乾"><meta name="format-detection" content="telephone=no"><meta name="theme-color" content="#ffffff"><meta property="og:type" content="website">
<meta property="og:title" content="学海无涯苦作舟">
<meta property="og:url" content="https://xiaoqian2000.gitee.io/blogs/page/3/index.html">
<meta property="og:site_name" content="学海无涯苦作舟">
<meta property="og:locale" content="zh_CN">
<meta property="og:image" content="https://xiaoqian2000.gitee.io/blogs/img/headpicture.png">
<meta property="article:author" content="小乾">
<meta name="twitter:card" content="summary">
<meta name="twitter:image" content="https://xiaoqian2000.gitee.io/blogs/img/headpicture.png"><link rel="shortcut icon" href="/blogs/img/headpicture.png"><link rel="canonical" href="https://xiaoqian2000.gitee.io/blogs/page/3/index.html"><link rel="preconnect" href="//cdn.jsdelivr.net"/><link rel="preconnect" href="//busuanzi.ibruce.info"/><link rel="stylesheet" href="/blogs/css/index.css"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free/css/all.min.css" media="print" onload="this.media='all'"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fancyapps/ui/dist/fancybox/fancybox.min.css" media="print" onload="this.media='all'"><script>const GLOBAL_CONFIG = {
  root: '/blogs/',
  algolia: undefined,
  localSearch: undefined,
  translate: undefined,
  noticeOutdate: undefined,
  highlight: {"plugin":"highlighjs","highlightCopy":true,"highlightLang":true,"highlightHeightLimit":false},
  copy: {
    success: '复制成功',
    error: '复制错误',
    noSupport: '浏览器不支持'
  },
  relativeDate: {
    homepage: false,
    post: false
  },
  runtime: '',
  dateSuffix: {
    just: '刚刚',
    min: '分钟前',
    hour: '小时前',
    day: '天前',
    month: '个月前'
  },
  copyright: undefined,
  lightbox: 'fancybox',
  Snackbar: undefined,
  source: {
    justifiedGallery: {
      js: 'https://cdn.jsdelivr.net/npm/flickr-justified-gallery/dist/fjGallery.min.js',
      css: 'https://cdn.jsdelivr.net/npm/flickr-justified-gallery/dist/fjGallery.min.css'
    }
  },
  isPhotoFigcaption: false,
  islazyload: false,
  isAnchor: false,
  percent: {
    toc: true,
    rightside: false,
  },
  autoDarkmode: false
}</script><script id="config-diff">var GLOBAL_CONFIG_SITE = {
  title: '学海无涯苦作舟',
  isPost: false,
  isHome: true,
  isHighlightShrink: false,
  isToc: false,
  postUpdate: '2023-09-19 18:27:22'
}</script><noscript><style type="text/css">
  #nav {
    opacity: 1
  }
  .justified-gallery img {
    opacity: 1
  }

  #recent-posts time,
  #post-meta time {
    display: inline !important
  }
</style></noscript><script>(win=>{
    win.saveToLocal = {
      set: function setWithExpiry(key, value, ttl) {
        if (ttl === 0) return
        const now = new Date()
        const expiryDay = ttl * 86400000
        const item = {
          value: value,
          expiry: now.getTime() + expiryDay,
        }
        localStorage.setItem(key, JSON.stringify(item))
      },

      get: function getWithExpiry(key) {
        const itemStr = localStorage.getItem(key)

        if (!itemStr) {
          return undefined
        }
        const item = JSON.parse(itemStr)
        const now = new Date()

        if (now.getTime() > item.expiry) {
          localStorage.removeItem(key)
          return undefined
        }
        return item.value
      }
    }
  
    win.getScript = url => new Promise((resolve, reject) => {
      const script = document.createElement('script')
      script.src = url
      script.async = true
      script.onerror = reject
      script.onload = script.onreadystatechange = function() {
        const loadState = this.readyState
        if (loadState && loadState !== 'loaded' && loadState !== 'complete') return
        script.onload = script.onreadystatechange = null
        resolve()
      }
      document.head.appendChild(script)
    })
  
    win.getCSS = (url,id = false) => new Promise((resolve, reject) => {
      const link = document.createElement('link')
      link.rel = 'stylesheet'
      link.href = url
      if (id) link.id = id
      link.onerror = reject
      link.onload = link.onreadystatechange = function() {
        const loadState = this.readyState
        if (loadState && loadState !== 'loaded' && loadState !== 'complete') return
        link.onload = link.onreadystatechange = null
        resolve()
      }
      document.head.appendChild(link)
    })
  
      win.activateDarkMode = function () {
        document.documentElement.setAttribute('data-theme', 'dark')
        if (document.querySelector('meta[name="theme-color"]') !== null) {
          document.querySelector('meta[name="theme-color"]').setAttribute('content', '#0d0d0d')
        }
      }
      win.activateLightMode = function () {
        document.documentElement.setAttribute('data-theme', 'light')
        if (document.querySelector('meta[name="theme-color"]') !== null) {
          document.querySelector('meta[name="theme-color"]').setAttribute('content', '#ffffff')
        }
      }
      const t = saveToLocal.get('theme')
    
          if (t === 'dark') activateDarkMode()
          else if (t === 'light') activateLightMode()
        
      const asideStatus = saveToLocal.get('aside-status')
      if (asideStatus !== undefined) {
        if (asideStatus === 'hide') {
          document.documentElement.classList.add('hide-aside')
        } else {
          document.documentElement.classList.remove('hide-aside')
        }
      }
    
    const detectApple = () => {
      if(/iPad|iPhone|iPod|Macintosh/.test(navigator.userAgent)){
        document.documentElement.classList.add('apple')
      }
    }
    detectApple()
    })(window)</script><meta name="generator" content="Hexo 6.3.0"></head><body><div id="sidebar"><div id="menu-mask"></div><div id="sidebar-menus"><div class="avatar-img is-center"><img src="/blogs/img/headpicture.png" onerror="onerror=null;src='/img/friend_404.gif'" alt="avatar"/></div><div class="sidebar-site-data site-data is-center"><a href="/blogs/archives/"><div class="headline">文章</div><div class="length-num">27</div></a><a href="/blogs/tags/"><div class="headline">标签</div><div class="length-num">0</div></a><a href="/blogs/categories/"><div class="headline">分类</div><div class="length-num">3</div></a></div><hr class="custom-hr"/><div class="menus_items"><div class="menus_item"><a class="site-page" href="/blogs/tags/"><i class="fa-fw fas fa-tags"></i><span> Tags</span></a></div><div class="menus_item"><a class="site-page" href="/blogs/categories/"><i class="fa-fw fas fa-folder-open"></i><span> Categories</span></a></div></div></div></div><div class="page" id="body-wrap"><header class="full_page" id="page-header" style="background-image: url('/blogs/img/wallhaven-9moko8_2560x1600.png')"><nav id="nav"><span id="blog-info"><a href="/blogs/" title="学海无涯苦作舟"><span class="site-name">学海无涯苦作舟</span></a></span><div id="menus"><div class="menus_items"><div class="menus_item"><a class="site-page" href="/blogs/tags/"><i class="fa-fw fas fa-tags"></i><span> Tags</span></a></div><div class="menus_item"><a class="site-page" href="/blogs/categories/"><i class="fa-fw fas fa-folder-open"></i><span> Categories</span></a></div></div><div id="toggle-menu"><a class="site-page" href="javascript:void(0);"><i class="fas fa-bars fa-fw"></i></a></div></div></nav><div id="site-info"><h1 id="site-title">学海无涯苦作舟</h1></div><div id="scroll-down"><i class="fas fa-angle-down scroll-down-effects"></i></div></header><main class="layout" id="content-inner"><div class="recent-posts" id="recent-posts"><div class="recent-post-item"><div class="recent-post-info no-cover"><a class="article-title" href="/blogs/2023/08/01/%E6%81%B6%E6%84%8F%E4%BB%A3%E7%A0%81%E5%AE%9E%E6%88%98%E5%88%86%E6%9E%90Lab%209-1/" title="恶意代码实战分析9.1">恶意代码实战分析9.1</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-08-01T15:26:52.000Z" title="发表于 2023-08-01 23:26:52">2023-08-01</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/blogs/categories/%E6%81%B6%E6%84%8F%E4%BB%A3%E7%A0%81%E5%AE%9E%E6%88%98%E5%88%86%E6%9E%90/">恶意代码实战分析</a></span></div><div class="content">Lab 9-1用OllyDbg和IDA Pro分析恶意代码文件Lab09-01.exe，回答下列问题在第3章中,我们使用基础的静态和动态分析技术，已经对这个恶意代码做了初步分析。
问题1.如何让这个恶意代码安装自身?通过提供指定命令行参数进行安装 ,或者强行更改代码逻辑.
1.有两种命令行参数选项.
1.1 3个命令行参数        (1)进程名[后面会根据进程名安装服务也就是服务名] (2)’’-in” (3)”abcd”;
1.2 4个命令行参数		(1)单纯进程名   (2)’’-in”  (3)指定服务名字符串  (4)”abcd”;
2.这两种方法区别就是一个是使用进程名当服务名一个是根据第三个命令行参数指定服务名.
2.这个恶意代码的命令行选项是什么?它要求的密码是什么?1.有4个命令行选项.
“-in”:是安装自己;
“-re”:是删除自己和注册表参数和服务进程.
“-c”:是修改注册表参数.
“-cc”:是打印注册表参数.
2.密码是”abcd”;
3.如何利用OllyDbg永久修补这个恶意代码，使其不需要指定的命令行密码?
1.修改0x00402B38出的跳转为j ...</div></div></div><div class="recent-post-item"><div class="recent-post-info no-cover"><a class="article-title" href="/blogs/2023/08/01/%E6%81%B6%E6%84%8F%E4%BB%A3%E7%A0%81%E5%AE%9E%E6%88%98%E5%88%86%E6%9E%90Lab%207-1/" title="恶意代码实战分析7.1">恶意代码实战分析7.1</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-08-01T15:26:52.000Z" title="发表于 2023-08-01 23:26:52">2023-08-01</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/blogs/categories/%E6%81%B6%E6%84%8F%E4%BB%A3%E7%A0%81%E5%AE%9E%E6%88%98%E5%88%86%E6%9E%90/">恶意代码实战分析</a></span></div><div class="content">Lab 7-1分析在文件Lab07-O1.exe中发现的恶意代码。问题1.当计算机重启后，这个程序如何确保它继续运行（达到持久化驻留）?1.通过CreateServiceA注册系统服务,并在第六个参数设置成开机自启动服务(SERVICE_AUTO_START–0x00000002)来达到持久驻留.
2.为什么这个程序会使用一个互斥量?1.防止多个相同的exe同时重复执行.因为下面的代码是注册服务和创建子线程,不需要重复执行,重复可能会出错.
3．可以用来检测这个程序的基于主机特征是什么?1.都会注册一个名为”HGL345”的互斥体.
2.电脑上会有一个名为”Malservice”的系统服务.
4.检测这个恶意代码的基于网络特征是什么?1.恶意代码会使用”Internet Explorer 8.0”代理访问网络.
2.会访问名为”http://www.malwareanalysisbook.com&quot;这链接,然后主程序进行无限等待.像是一个DDoS攻击.
6.这个程序什么时候完成执行?1.sleep函数填入了-1,无限等待.不过也有可能等待4294967295毫秒才能执行完.(4 ...</div></div></div><div class="recent-post-item"><div class="recent-post-info no-cover"><a class="article-title" href="/blogs/2023/08/01/%E6%81%B6%E6%84%8F%E4%BB%A3%E7%A0%81%E5%AE%9E%E6%88%98%E5%88%86%E6%9E%90Lab%206-3/" title="恶意代码实战分析6.3">恶意代码实战分析6.3</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-08-01T15:26:52.000Z" title="发表于 2023-08-01 23:26:52">2023-08-01</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/blogs/categories/%E6%81%B6%E6%84%8F%E4%BB%A3%E7%A0%81%E5%AE%9E%E6%88%98%E5%88%86%E6%9E%90/">恶意代码实战分析</a></span></div><div class="content">Lab 6-3在这个实验中，我们会分析在文件Lab06-03.exe中发现的恶意代码。问题1.比较在main函数与实验6-2的main函数的调用。从main中调用的新的函数是什么?是一个功能函数里面有删除文件,创建文件夹,拷贝文件,修改注册表功能.
2.这个新的函数使用的参数是什么?两个参数,func(char,char*);第一个参数是上个函数返回值也就是第五个字节数据,和cmd第一个命令.
3.这个函数包含的主要代码结构是什么?一个比较重要的switch 语句,通过判断第一感参数减去0x61然后对比跳转表进行跳转.
4.这个函数能够做什么?翻译代码:
1234567891011121314151617181920212223242526272829303132333435363738394041void func(char arg_0,char* arg_1)&#123;  	switch(arg_0)    &#123;        case 97:        &#123;            CreateDirectoryA(&quot;C:\\Temp&quot;); ...</div></div></div><div class="recent-post-item"><div class="recent-post-info no-cover"><a class="article-title" href="/blogs/2023/08/01/%E6%81%B6%E6%84%8F%E4%BB%A3%E7%A0%81%E5%AE%9E%E6%88%98%E5%88%86%E6%9E%90Lab%209-2/" title="恶意代码实战分析9.2">恶意代码实战分析9.2</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-08-01T15:26:52.000Z" title="发表于 2023-08-01 23:26:52">2023-08-01</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/blogs/categories/%E6%81%B6%E6%84%8F%E4%BB%A3%E7%A0%81%E5%AE%9E%E6%88%98%E5%88%86%E6%9E%90/">恶意代码实战分析</a></span></div><div class="content">Lab 9-2用OllyDbg分析恶意代码文件Lab09-02.exe，回答下列问题。问题1.在二进制文件中，你看到的静态字符串是什么?一些dll名和导入的函数名,一些打印消息,还有一个”cmd”字符串.
2．当你运行这个二进制文件时，会发生什么?1.没有任何反应.进程一运行就结束了.
3．怎样让恶意代码的攻击负载（payload）获得运行?1.将当前进程名字改成”ocl.exe”才能正常运行下去否则直接退出了.
2.text:00401240 74 0A                         jz      short loc_40124C或者更改进程二进制代码把jz改成jmp.
4.在地址0x00401133处发生了什么?1.在栈中生成了一段字符串:”1qaz2wsx3edc”;
5．传递给子例程（函数）0x00401089的参数是什么?一共有两个参数:
参数1是一段被加密的字符串,参数2是一段解密字符串(栈中生成的字符串).
6．恶意代码使用的域名是什么?1.通过0x00401089处的函数解密出来的字符串:www.practicalmalwareanalysis.co ...</div></div></div><div class="recent-post-item"><div class="recent-post-info no-cover"><a class="article-title" href="/blogs/2023/08/01/%E6%81%B6%E6%84%8F%E4%BB%A3%E7%A0%81%E5%AE%9E%E6%88%98%E5%88%86%E6%9E%90Lab%207-3/" title="恶意代码实战分析7.3">恶意代码实战分析7.3</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-08-01T15:26:52.000Z" title="发表于 2023-08-01 23:26:52">2023-08-01</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/blogs/categories/%E6%81%B6%E6%84%8F%E4%BB%A3%E7%A0%81%E5%AE%9E%E6%88%98%E5%88%86%E6%9E%90/">恶意代码实战分析</a></span></div><div class="content">Lab 7-3对于这个实验，我们在执行前获取到恶意的可执行程序，Lab07-03.exe，以及DLL,Lab07-03.dll。声明这一点很重要，这是因为恶意代码一旦运行可能发生改变。两个文件在受害者机器上的同一个目录下被发现。如果你运行这个程序，你应该确保两个文件在分析机器上的同一个目录中。一个以127开始的IP字符串（回环地址）连接到了本地机器。(在这个恶意代码的实际版本中，这个地址会连接到一台远程机器，但是我们已经将它设置成连接本地主机来保护你。)这个实验可能比前面那些有更大的挑战。你将需要使用静态和动态方法的组合，并聚焦在全局视图上，避免陷入细节。问题1.这个程序如何完成持久化驻留，来确保在计算机被重启后它能继续运行?1.通过Lab07-03.exe,把kernel32.dll导入进来,然后将其导出表的数据移植到Lab07-03.dll的导出表位置上,然后把Lab07-03.dll更改称’kerne132.dll’,写到’C:\windows\system32&#39;下伪装称kernel32.dll.(作业中没有把修改好的Lab07-03.dll替换掉原来的Lab07-03. ...</div></div></div><div class="recent-post-item"><div class="recent-post-info no-cover"><a class="article-title" href="/blogs/2023/08/01/%E6%81%B6%E6%84%8F%E4%BB%A3%E7%A0%81%E5%AE%9E%E6%88%98%E5%88%86%E6%9E%90Lab%209-3/" title="恶意代码实战分析9.3">恶意代码实战分析9.3</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-08-01T15:26:52.000Z" title="发表于 2023-08-01 23:26:52">2023-08-01</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/blogs/categories/%E6%81%B6%E6%84%8F%E4%BB%A3%E7%A0%81%E5%AE%9E%E6%88%98%E5%88%86%E6%9E%90/">恶意代码实战分析</a></span></div><div class="content">Lab 9-3使用OllyDbg和IDA Pro分析恶意代码文件Lab09-03.exe。这个恶意代码加载3个自带的DLL(DLL1.dl、DLL2.dll、DLL3.dl)，它们在编译时请求相同的内存加载位置。因此，在OllyDbg中对照IDA Pro浏览这些DLL可以发现，相同代码可能会出现在不同的内存位置。这个实验的目的是让你在使用OllyDbg看代码时可以轻松地在IDAPro里找到它对应的位置。问题1.Lab09-03.exe导入了哪些DLL?1.导入表导入了4个:KERNEL.dll,NERAPI32.dll,DLL1.dll,DLL2.dll.动态导入有一个DLL3.dll和User32.dll.
2.DLL1.dll、DLL2.dll、DLL3.dll要求的基地址是多少?1.都是0x10000000;DLL1.dll:10000000,DLL2.dll:10000000,DLL2.dll:10000000.
3．当使用OllyDbg 调试Lab09-03.exe时，为DLL1.dll、DLL2.dl、DLL3.dl分配的基地址是什么?内存中DLL1在:0x10000000 ...</div></div></div><div class="recent-post-item"><div class="recent-post-info no-cover"><a class="article-title" href="/blogs/2023/08/01/%E6%81%B6%E6%84%8F%E4%BB%A3%E7%A0%81%E5%AE%9E%E6%88%98%E5%88%86%E6%9E%90Lab13-1/" title="恶意代码实战分析13.1">恶意代码实战分析13.1</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-08-01T15:26:52.000Z" title="发表于 2023-08-01 23:26:52">2023-08-01</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/blogs/categories/%E6%81%B6%E6%84%8F%E4%BB%A3%E7%A0%81%E5%AE%9E%E6%88%98%E5%88%86%E6%9E%90/">恶意代码实战分析</a></span></div><div class="content">Lab13-1分析恶意代码文件Lab13-01.exe。问题1．比较恶意代码中的字符串（字符串命令的输出）与动态分析提供的有用信息，基于这些比较，哪些元素可能被加密?1.动态分析发现访问了一个域名但是在exe字符串查找并没有找到,”http://www.practicalmalwareanalysis.com/V2luWHAtNTJQb2pp“.
2．使用IDA Pro搜索恶意代码中字符串‘xor’，以此来查找潜在的加密,你发现了哪些加密类型?1.0x00401190处有个单字节循环异或0x3B的解密函数.
3．恶意代码使用什么密钥加密，加密了什么内容?1.用了0x3b异或加密了一段字符串.还原后是一个链接”www.practicalmalwareanalysis.com“.
4．使用静态工具FindCrypt2、Krypto ANALyzer (KANAL)以及 IDA嫡插件识别一些其他类型的加密机制，你发现了什么?1.使用FindCrypt插件发现一个BASE64字符表在.rdata:004050E8处:”ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijkl ...</div></div></div><nav id="pagination"><div class="pagination"><a class="extend prev" rel="prev" href="/blogs/page/2/#content-inner"><i class="fas fa-chevron-left fa-fw"></i></a><a class="page-number" href="/blogs/">1</a><a class="page-number" href="/blogs/page/2/#content-inner">2</a><span class="page-number current">3</span></div></nav></div><div class="aside-content" id="aside-content"><div class="card-widget card-info"><div class="is-center"><div class="avatar-img"><img src="/blogs/img/headpicture.png" onerror="this.onerror=null;this.src='/blogs/img/friend_404.gif'" alt="avatar"/></div><div class="author-info__name">小乾</div><div class="author-info__description"></div></div><div class="card-info-data site-data is-center"><a href="/blogs/archives/"><div class="headline">文章</div><div class="length-num">27</div></a><a href="/blogs/tags/"><div class="headline">标签</div><div class="length-num">0</div></a><a href="/blogs/categories/"><div class="headline">分类</div><div class="length-num">3</div></a></div><a id="card-info-btn" target="_blank" rel="noopener" href="https://gitee.com/xiaoqian2000"><i class="fab fa-github"></i><span>Follow Me</span></a></div><div class="card-widget card-announcement"><div class="item-headline"><i class="fas fa-bullhorn fa-shake"></i><span>公告</span></div><div class="announcement_content">欢迎学习和讨论</div></div><div class="sticky_layout"><div class="card-widget card-recent-post"><div class="item-headline"><i class="fas fa-history"></i><span>最新文章</span></div><div class="aside-list"><div class="aside-list-item no-cover"><div class="content"><a class="title" href="/blogs/2023/08/20/Window10%20SwapContext%E5%88%86%E6%9E%90/" title="Win10 X64 1904 线程交换SwapContext分析">Win10 X64 1904 线程交换SwapContext分析</a><time datetime="2023-08-20T13:21:52.000Z" title="发表于 2023-08-20 21:21:52">2023-08-20</time></div></div><div class="aside-list-item no-cover"><div class="content"><a class="title" href="/blogs/2023/08/20/win10%20%E7%B3%BB%E7%BB%9F%E8%B0%83%E7%94%A8/" title="Win10 X64 1904 系统调用">Win10 X64 1904 系统调用</a><time datetime="2023-08-20T13:21:52.000Z" title="发表于 2023-08-20 21:21:52">2023-08-20</time></div></div><div class="aside-list-item no-cover"><div class="content"><a class="title" href="/blogs/2023/08/20/C++%E7%B1%BB%E7%9A%84%E5%86%85%E5%AD%98%E5%88%86%E5%B8%83/" title="C++类的内存分布">C++类的内存分布</a><time datetime="2023-08-20T11:51:52.000Z" title="发表于 2023-08-20 19:51:52">2023-08-20</time></div></div><div class="aside-list-item no-cover"><div class="content"><a class="title" href="/blogs/2023/08/15/decltpye%E8%AE%B2%E8%A7%A3/" title="decltpye:讲解">decltpye:讲解</a><time datetime="2023-08-14T16:03:52.000Z" title="发表于 2023-08-15 00:03:52">2023-08-15</time></div></div><div class="aside-list-item no-cover"><div class="content"><a class="title" href="/blogs/2023/08/01/%E6%81%B6%E6%84%8F%E4%BB%A3%E7%A0%81%E5%AE%9E%E6%88%98%E5%88%86%E6%9E%90Lab%2010-1/" title="恶意代码实战分析10.1">恶意代码实战分析10.1</a><time datetime="2023-08-01T15:26:52.000Z" title="发表于 2023-08-01 23:26:52">2023-08-01</time></div></div></div></div><div class="card-widget card-categories"><div class="item-headline">
            <i class="fas fa-folder-open"></i>
            <span>分类</span>
            
            </div>
            <ul class="card-category-list" id="aside-cat-list">
            <li class="card-category-list-item "><a class="card-category-list-link" href="/blogs/categories/Effective-Modern-C/"><span class="card-category-list-name">Effective Modern C++</span><span class="card-category-list-count">2</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/blogs/categories/windows%E5%86%85%E6%A0%B8%E7%9F%A5%E8%AF%86/"><span class="card-category-list-name">windows内核知识</span><span class="card-category-list-count">2</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/blogs/categories/%E6%81%B6%E6%84%8F%E4%BB%A3%E7%A0%81%E5%AE%9E%E6%88%98%E5%88%86%E6%9E%90/"><span class="card-category-list-name">恶意代码实战分析</span><span class="card-category-list-count">23</span></a></li>
            </ul></div><div class="card-widget card-archives"><div class="item-headline"><i class="fas fa-archive"></i><span>归档</span></div><ul class="card-archive-list"><li class="card-archive-list-item"><a class="card-archive-list-link" href="/blogs/archives/2023/08/"><span class="card-archive-list-date">八月 2023</span><span class="card-archive-list-count">27</span></a></li></ul></div><div class="card-widget card-webinfo"><div class="item-headline"><i class="fas fa-chart-line"></i><span>网站资讯</span></div><div class="webinfo"><div class="webinfo-item"><div class="item-name">文章数目 :</div><div class="item-count">27</div></div><div class="webinfo-item"><div class="item-name">本站访客数 :</div><div class="item-count" id="busuanzi_value_site_uv"><i class="fa-solid fa-spinner fa-spin"></i></div></div><div class="webinfo-item"><div class="item-name">本站总访问量 :</div><div class="item-count" id="busuanzi_value_site_pv"><i class="fa-solid fa-spinner fa-spin"></i></div></div><div class="webinfo-item"><div class="item-name">最后更新时间 :</div><div class="item-count" id="last-push-date" data-lastPushDate="2023-09-19T10:27:22.405Z"><i class="fa-solid fa-spinner fa-spin"></i></div></div></div></div></div></div></main><footer id="footer"><div id="footer-wrap"><div class="copyright">&copy;2020 - 2023 By 小乾</div><div class="framework-info"><span>框架 </span><a target="_blank" rel="noopener" href="https://hexo.io">Hexo</a><span class="footer-separator">|</span><span>主题 </span><a target="_blank" rel="noopener" href="https://github.com/jerryc127/hexo-theme-butterfly">Butterfly</a></div></div></footer></div><div id="rightside"><div id="rightside-config-hide"><button id="darkmode" type="button" title="浅色和深色模式转换"><i class="fas fa-adjust"></i></button><button id="hide-aside-btn" type="button" title="单栏和双栏切换"><i class="fas fa-arrows-alt-h"></i></button></div><div id="rightside-config-show"><button id="rightside_config" type="button" title="设置"><i class="fas fa-cog fa-spin"></i></button><button id="go-up" type="button" title="回到顶部"><span class="scroll-percent"></span><i class="fas fa-arrow-up"></i></button></div></div><div><script src="/blogs/js/utils.js"></script><script src="/blogs/js/main.js"></script><script src="https://cdn.jsdelivr.net/npm/@fancyapps/ui/dist/fancybox/fancybox.umd.min.js"></script><div class="js-pjax"></div><script async data-pjax src="//busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script></div></body></html>